authorRoger Dingledine <arma@torproject.org>2007-07-21 23:40:55 +0000
committerRoger Dingledine <arma@torproject.org>2007-07-21 23:40:55 +0000
commit56d3119581fc87cc096b9832de4aa1cd8ea1dc18 (patch)
treeefd27a07f435d5117584cda009026348f39c5848
parenta916e07ea68c897d42704df49e423dcfc223ef98 (diff)
Directory authorities now call routers Fast if their bandwidth is
at least 100KB/s, and consider their bandwidth adequate to be a Guard if it is at least 250KB/s. This fix complements proposal 107. [Bugfix on 0.1.2.x] svn:r10897
-rw-r--r--ChangeLog8
-rw-r--r--doc/spec/dir-spec.txt12
-rw-r--r--src/or/dirserv.c21
3 files changed, 28 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index e6e2a5336..0ff5a21f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,12 @@ Changes in version 0.2.0.3-alpha - 2007-??-??
o Deprecated features:
- RedirectExits is now deprecated.
+ o Security fixes:
+ - Directory authorities now call routers Fast if their bandwidth is
+ at least 100KB/s, and consider their bandwidth adequate to be a
+ Guard if it is at least 250KB/s. This fix complements proposal
+ 107. [Bugfix on 0.1.2.x]
+
o Major bugfixes (directory):
- Fix a crash bug when router descriptors end at a 4096-byte boundary
on disk. [Bugfix on 0.1.2.x]
@@ -191,7 +197,7 @@ Changes in version 0.2.0.1-alpha - 2007-06-01
Add a standalone tool to generate key certificates. (Proposal 103.)
o Security fixes:
- - Directory authorities now call routers stable if they have an
+ - Directory authorities now call routers Stable if they have an
uptime of at least 30 days, even if that's not the median uptime
in the network. Implements proposal 107, suggested by Kevin Bauer
and Damon McCoy.
diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index 2f6689fc3..6ca7dcf7b 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -938,19 +938,19 @@ $Id$
it successfully within the last 30 minutes.
"Stable" -- A router is 'Stable' if it is active, and either its
- uptime is at least the median uptime for known active routers, or
+ uptime is at least the median uptime for known active routers or
its uptime is at least 30 days. Routers are never called stable if
they are running a version of Tor known to drop circuits stupidly.
(0.1.1.10-alpha through 0.1.1.16-rc are stupid this way.)
"Fast" -- A router is 'Fast' if it is active, and its bandwidth is
- in the top 7/8ths for known active routers.
+ either in the top 7/8ths for known active routers or at least 100KB/s.
"Guard" -- A router is a possible 'Guard' if it is 'Stable' and its
- bandwidth is above median for known active routers. If the total
- bandwidth of active non-BadExit Exit servers is less than one third
- of the total bandwidth of all active servers, no Exit is listed as
- a Guard.
+ bandwidth is either above median for known active routers or at least
+ 250KB/s. If the total bandwidth of active non-BadExit Exit servers
+ is less than one third of the total bandwidth of all active servers,
+ no Exit is listed as a Guard.
"Authority" -- A router is called an 'Authority' if the authority
generating the network-status document believes it is an authority.
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index ae4c93218..546873bf3 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1437,6 +1437,12 @@ should_generate_v2_networkstatus(void)
* network using allegedly high-uptime nodes, displacing all the
* current guards. */
#define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
+/** Similarly, we protect sufficiently fast nodes from being pushed
+ * out of the set of Fast nodes. */
+#define BANDWIDTH_TO_GUARANTEE_FAST (100*1024)
+/** Similarly, every node with sufficient bandwidth can be considered
+ * for Guard status. */
+#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
/* Thresholds for server performance: set by
* dirserv_compute_performance_thresholds, and used by
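Review bot: The two new comments never state the unit of `BANDWIDTH_TO_GUARANTEE_FAST` and `BANDWIDTH_TO_GUARANTEE_GUARD`. The ChangeLog and dir-spec text say 100KB/s and 250KB/s while the code writes `(100*1024)` and `(250*1024)`, so the values are presumably bytes per second to match what `router_get_advertised_bandwidth()` returns (its definition is not in this diff). I would say so in the comment, for example `/** Similarly, we protect sufficiently fast nodes (at least 100 KB/s, expressed in bytes per second) from being pushed out of the set of Fast nodes. */`. Both floors are later compared against an advertised figure, which by its name appears to be the router's own claim. The comment should therefore also record that the absolute floor is only as trustworthy as that input, so a later reader does not take it for a measured value.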
@@ -1475,9 +1481,11 @@ dirserv_thinks_router_is_unreliable(time_t now,
(unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
return 1;
}
- if (need_capacity &&
- router_get_advertised_bandwidth(router) < fast_bandwidth)
- return 1;
+ if (need_capacity) {
+ uint32_t bw = router_get_advertised_bandwidth(router);
+ if (bw < fast_bandwidth && bw < BANDWIDTH_TO_GUARANTEE_FAST)
+ return 1;
+ }
return 0;
}
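Review bot: The new `need_capacity` block has no comment explaining why a router must fall below both cutoffs before it is called unreliable, and the `&&` is easy to misread as a tightening rather than a floor. A one-line comment above the test would help, such as `/* Slow only if below the network-relative cutoff AND below the absolute floor. */`. The function's header comment lies outside this hunk; if it still describes the capacity test purely in terms of `fast_bandwidth`, it should be updated in the same commit. The type of `fast_bandwidth` is declared outside the visible lines, so it is worth confirming it is unsigned like `bw` to avoid a mixed-sign comparison.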
@@ -1710,9 +1718,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
rs->is_valid = ri->is_valid;
rs->is_possible_guard = rs->is_fast && rs->is_stable &&
(!rs->is_exit || exits_can_be_guards) &&
- router_get_advertised_bandwidth(ri) >=
- (exits_can_be_guards ? guard_bandwidth_including_exits :
- guard_bandwidth_excluding_exits);
+ (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
+ router_get_advertised_bandwidth(ri) >=
+ (exits_can_be_guards ? guard_bandwidth_including_exits :
+ guard_bandwidth_excluding_exits));
rs->is_bad_exit = listbadexits && ri->is_bad_exit;
/* 0.1.1.9-alpha is the first version to support fetch by descriptor
* hash. */
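Review bot: The rewritten `is_possible_guard` expression calls `router_get_advertised_bandwidth(ri)` twice, whereas the `dirserv_thinks_router_is_unreliable` hunk in this same commit stores the result in a local `uint32_t bw` first. Doing the same here keeps the two sites consistent and shortens the condition: declare `uint32_t bw = router_get_advertised_bandwidth(ri);` with the other locals, then write `(bw >= BANDWIDTH_TO_GUARANTEE_GUARD || bw >= (exits_can_be_guards ? guard_bandwidth_including_exits : guard_bandwidth_excluding_exits))`. The body of `set_routerstatus_from_routerinfo` starts and ends outside this hunk, so the declaration would need to go at the top of the enclosing block, which is not visible here.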